Legal claims defining the scope of protection, as filed with the USPTO.
1. A method of controlling access to a system comprising: performing a test that includes comparing multiple input responses to multiple randomly selected questions with multiple corresponding pre-determined responses to the multiple questions; and granting access to the system in the event the test is passed, by providing a user with a key for encrypting data on the system, a key for decrypting data on the system, or both keys, wherein the keys correspond to a hierarchical position of the user in an entity owning the data, the keys are shared among all users at the hierarchical position, the keys allow encryption and decryption of data belonging to users at positions lower than the hierarchical position, and encryption and decryption are performed automatically, without the user interfering, in response to write and read commands, respectively, on the system.
2. The method of claim 1, wherein a first condition of passing the test is that each input response from the multiple input responses matches a corresponding one of the multiple pre-determined responses.
3. The method of claim 1, further comprising presenting the multiple questions sequentially.
4. The method of claim 1, further comprising presenting the multiple questions concurrently.
5. The method of claim 1, further comprising presenting questions and candidate responses in a multiple choice format.
6. The method of claim 1, wherein a first condition of passing the test is providing responses to only a pre-determined subset of the multiple questions presented to a user.
7. The method of claim 1, wherein granting access to the system comprises decrypting non-authentication information on the system using a decryption key.
8. The method of claim 1, further comprising selecting a question from the multiple questions for presentation based on a time that the question was last displayed.
9. The method of claim 1, further comprising selecting a question from the multiple questions for presentation based on a number of times the question was displayed within a pre-determined time period.
10. The method of claim 1, further comprising authorizing a user to access the system only if the user answers the questions in a pre-determined user-selected sequence different from a sequence presented to the user, does not answer one or more pre-determined user-selected questions presented to the user, or supplies a corresponding pre-determined user-selected incorrect answer to one or more of the questions.
11. The method of claim 1, wherein the keys are of multiple encryption and decryption keys having increasing rights of access to the system.
12. The method of claim 2, wherein a pre-determined response from the multiple pre-determined responses is a pre-determined correct answer that corresponds to a question from the multiple questions.
13. The method of claim 2, wherein a pre-determined response from the multiple pre-determined responses is a pre-determined incorrect answer to a question from the multiple questions.
14. The method of claim 2, wherein a second condition of passing the test is entering the multiple input responses into the system during the test in a pre-determined sequence different from the sequence that the multiple questions are displayed during the test.
15. The method of claim 5, further comprising presenting candidate responses that include both correct and incorrect answers to the multiple questions.
16. The method of claim 6, wherein the test is failed by selecting a question from the multiple questions for which there is no corresponding pre-determined response.
17. A method of controlling access to an area from among different areas of a system, each of the different areas having a different hierarchical security classification, the method comprising: selecting a combination of questions for presentation to a user; determining access permissions for the user to the area using a vector that associates a hierarchical classification of the user to the access permissions, wherein the vector contains permissions vectors for separate hierarchical classifications in a business entity; granting the user access to the area based on both responses to the combination of questions and the access permissions, such that the user can encrypt and decrypt data, automatically, without the user interfering, in the area belonging to users having a classification lower than the hierarchical classification, wherein a same number of questions are answered to determine access permissions to any of the different areas; encrypting a response input by the user using an encryption key to generate an encrypted input response; and granting access to the system in the event that the encrypted input response matches a corresponding encrypted system response.
18. The method of claim 17, wherein the classification corresponds to a membership of the user in one or more of a corporation, a division, a department, a group, and a project.
19. The method of claim 17, wherein the area of the system corresponds to any one or more of a disk partition, a file system, a portion of a database, a directory, an electronic folder, an electronic file, and a data object.
20. The method of claim 17, wherein the combination of questions is randomly selected.
21. The method of claim 17, wherein granting access to the area comprises determining permissions to the area corresponding to the classification.
22. The method of claim 17, wherein the classification has a hierarchical structure that corresponds to an organizational structure of an entity.
23. The method of claim 20, further comprising displaying the combination of questions using a user interface protocol.
24. The method of claim 23, wherein the user interface protocol comprises displaying candidate responses to the questions as multiple choices.
25. The method of claim 17, wherein granting access to the system comprises decrypting the area of the system using a decryption key corresponding to the encryption key.
26. A module for controlling access to a system comprising: means for randomly selecting a combination of questions; and means for granting access to the system in the event multiple user responses to the questions match corresponding multiple pre-determined responses to the questions, wherein granting access comprises providing a user with a key for encrypting data on the system, a key for decrypting data on the system, or both keys, the keys corresponding to a hierarchical position of the user in an entity, the keys are shared among all users at the hierarchical position, the keys encrypt and decrypt data belonging to users at positions lower than the hierarchical position, and encryption and decryption are performed automatically, without the user interfering, in response to write and read commands, respectively, on the system.
27. The module of claim 26, further comprising means for presenting the combination of questions.
28. The module of claim 26, wherein the means for randomly selecting a combination of questions comprises a memory for storing information for tracking questions presented to a user.
29. The module of claim 27, wherein the means for presenting displays the combination of questions sequentially.
30. The module of claim 27, wherein the means for presenting displays the combination of questions concurrently.
31. A module for controlling access to data on a system comprising: a processor; a generator component for presenting a randomly selected combination of questions to a user for authenticating the user on the system; and a grant component for granting access to encrypt and decrypt the data based on permissions granted to the user and on responses of the user to the combination of questions, wherein the permissions correspond to a hierarchical classification of the user in an entity owning the data, the permissions stored in a single vector comprising a first sub-vector indicating the user's membership in sections of the entity, the sections having different hierarchical levels, and from a second sub-vector indicating access rights to the data for each of the sections, wherein granting access to the system comprises granting access to one of an encryption key, a decryption key, or both, for accessing non-authentication data on the system.
32. The module of claim 31, wherein the classification of the user corresponds to any one or more of a corporation identifier, a division identifier, a business identifier, a department identifier, a group identifier, and a user identifier.
33. A network of devices comprising: one or more user devices; and an access control module for granting access to protected data to multiple users using the user devices, wherein the data have different hierarchical levels, access rights to the data for each user from the multiple users is determined in an authorization sequence and is based on a position of the user in an organization, on a vector associating access permissions to the protected data with the position, and on multiple responses of the user to a combination of randomly selected questions, the vector comprising permission vectors for separate hierarchical levels in a business entity, and a number of steps in the authorization sequence is independent of a hierarchical level of the data, wherein the protected data comprises any one or more of an encrypted disk partition, an encrypted file system, an encrypted portion of a database, an encrypted directory, an encrypted electronic folder, file, an encrypted data object, and further wherein encryption is performed automatically, without the user interfering.
34. The network of claim 33, wherein the position of a user corresponds to a membership of a user in any one of a corporate unit, a division, a business unit, a department, a group, and a team.
35. The network of claim 33, wherein the vector associates multiple hierarchical positions with multiple access permissions.
36. A method of granting a user access to encrypted data on a system comprising: determining that the user has answered multiple randomly selected questions to thereby verify an identity of the user; providing the user a decryption key corresponding to a position of the user in an entity in response to verifying the identity of the user, wherein the decryption key is one of multiple decryption keys for the system each corresponding to a position in the entity; determining from a name of the user and the decryption key, an owner, a department, and a data access permissions vector for the user; and using the owner, the department, and the data access permissions vector to decrypt the encrypted data, automatically, without the user interfering.
37. A method of granting a user access to data on a system comprising: determining that the user has provided pre-determined answers to multiple randomly selected questions, thereby authenticating the user, wherein a number of the questions is independent of a hierarchical classification of the data; determining permissions for the user to access the data based on a position of the user in an entity; and granting the user access to the data by encrypting the data, decrypting the data, or both using an encryption key and a corresponding decryption key corresponding to the position, wherein each of the encryption key and the decryption key encrypts or decrypts data owned by users at that position and at any lower positions, and encryption and decryption are performed automatically, without the user interfering, in response to write and read commands, respectively, on the system.
July 10, 2012
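An added sketch, not code from the patent or its owner, of the pass conditions in claims 2, 6, 13, 14 and 16 combined with the encrypted-response comparison of claim 17. The question ids, stored answers, the reverse-order entry rule and the use of HMAC-SHA256 in place of the claimed encryption are assumptions made for the example.

```python
import hashlib
import hmac
import random

KEY = b"constructed-demo-key"  # constructed; stands in for the claim 17 encryption key

def seal(answer: str) -> bytes:
    """Keyed one-way transform (HMAC-SHA256 swapped in for 'encrypting a response')."""
    return hmac.new(KEY, answer.strip().lower().encode(), hashlib.sha256).digest()

# Constructed enrollment record: question id -> sealed pre-determined response.
# q3 stores a deliberately incorrect answer (claim 13); q4 has no stored
# response, so it must be left unanswered (claims 6 and 16).
ENROLLED = {"q1": seal("lisbon"), "q2": seal("1987"), "q3": seal("purple"),
            "q4": None, "q5": seal("oak street")}

def select_questions(n: int, rng: random.Random) -> list[str]:
    """Randomly select n question ids for display (claim 1)."""
    return rng.sample(sorted(ENROLLED), n)

def expected_order(displayed: list[str]) -> list[str]:
    """Entry sequence that differs from display order (claim 14).
    Assumed here: reverse of display order, skipping unanswerable questions."""
    return [q for q in reversed(displayed) if ENROLLED[q] is not None]

def passes(displayed: list[str], entered: list[tuple[str, str]]) -> bool:
    """entered holds (question id, response) pairs in the order they were typed."""
    if not entered or [q for q, _ in entered] != expected_order(displayed):
        return False  # wrong sequence, a skip-question answered, or one missed
    ok = True
    for q, resp in entered:
        # Compare sealed forms only, in constant time, with no early exit.
        ok &= hmac.compare_digest(seal(resp), ENROLLED[q])
    return ok
```

The stored record never holds plaintext answers, and a failed attempt returns the same result whether the sequence, the skipped question or an answer was wrong.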